SocGholish (ab84f259-9b9a-51d8-a68a-2bcd7512d760)
SocGholish is a JavaScript-based loader malware that has been used since at least 2017. It has been observed in use against multiple sectors globally for initial access, primarily through drive-by-downloads masquerading as software updates. SocGholish is operated by Mustard Tempest and its access has been sold to groups including Indrik Spider for downloading secondary RAT and ransomware payloads.[SentinelOne SocGholish Infrastructure November 2022][SocGholish-update][Red Canary SocGholish March 2024][Secureworks Gold Prelude Profile]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Mustard Tempest (0898e7cb-118e-5eeb-b856-04e56ed18182) | Tidal Groups | SocGholish (ab84f259-9b9a-51d8-a68a-2bcd7512d760) | Tidal Software | 1 |